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Abstract— There is a growing number of people with access to the Internet smartphones and otber^bbile 
devices and this number is growing even more so in developing countries. This translates to ajapl^ncrease 
in online users and subsequently an increase in the number of people who could perceptible to 
information security exploitation, depending on their knowledge of personal informitiorS^rotection and 
online etiquette. This study explores how users conduct themselves online anaSS^tfier they reflect 
information security awareness. This study is a quantitative one where a survej^^fethod was used in 
collecting the data. The user responses were analyzed to determine their ^ffcifj information security 
practices, and if they are security-oriented or not. 
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I. Introduction C> 

The new internet users need to be well informed on thesecurtfy fasfuresof their technology as well as their 
Responsibilities to protect their personal information []]^^process is often conducted in the induction 
programmer of many organizations for their new staff marrraers; however, there is no induction or security 
training provided to the general new internet user. Twelves the general users to self-educate and renders 
them vulnerable to hoaxes and even opportunjstte^rimes such as social engineering and tailgating on 
accounts where users did not log out. It is often saw that the weakest link in the security of any system is 
the user. For example, if someone discloses^V password, they have bypassed the security control and 
weaken its effectiveness. In addition, if ajA^loes not log out of their user account and leaves the device 
open, someone else might use their^cr^QnJIals to perform malicious activities or even destroy some of the 
information that they access. 




W ith the rapid increase in the n\jrmer of people with internet access or smart phones, there remains a need 
for these users to be wellvil^teaon the security features of their technology [2]. The most basic of these 
features is the privacy poMcSJlmich is often presented to online users on the website in the form of links in 
the footnotes or as ar/w^Jr )age with conditions to which the user agrees in order to view the rest of the 
content. This priva^cClrcy is provided on mobile device applications during the installation process in the 
user agreementl^ALJ 

J^^^ II- Information Security End User Policies 

Sepwfc ^ i^the notion of feeling secure or safe from harm and danger []]. Information security is a concept 
if^ol\Jd with protecting the organization's information and human resources by way of monitoring and 
comytiance assessments [2]. Furthermore, Information security (IS) focuses on preserving the critical 
characteristics of information such as availability, accuracy, authenticity, confidentiality and integrity [1]. 
Given the growing importance of information, it is often viewed as being analogous to an organization's 
key resource [3]. According to [4] many corporate executive teams have acknowledged the importance of 
information and that it must be managed effectively, the same level of importance should be placed on 
personal information at individual level. 
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Based on the importance placed on organizational information, it has become essential to put measures in 
place to safeguard such information and organizations invest in information security for the protection of 
company information assets. [5] Agree that organizations are more dependent on the reliability of their 
information systems in order to ensure the credibility of their information and decisions. Therefore, they 
define the rules that govern the information security measures and these rules are contained in the 
information security policies [3]. These rules are also documented for the general user in the form of 
Privacy policies and user agreements; these are available and presented to the users on mobile applications 
during the installation process, as well as on website content. [6] further confirms that it is a well-known 
fact that information security policies act as controls to manage information security in an organiza^iojrtrcd 
privacy policies during private individual use. 

[6] further asserted that these policies also define the rights and responsibilities of informakpr^esource 
users by helping the users understand what is activities constitute acceptable and resporjjjlll^lehavior in 
handling the organizational data and information-to-information resources to ensurflheN^fe and secure 
handling of information in performing their organizational duties and responsifti^^. Privacy policies 
document the terms of use for the information exchanged by the parties involygj^i^luding the type of 
information, how it they intend to use it, as well as any intentions to distributeLL*«0 

[1], describe the notion of a good information security policy suc^tlaavTr should encapsulate the 
responsibilities of individuals, denote what is authorized and u^^ajzed system use, enable the 
individuals to report suspected or identified threats in the formi^^histle blowing); it should define 
punishment means for policy violations and ways to update thetyhcy to keep up with the constantly 
changing IT There is however no punishment for people disorajig their personal information to third 
parties, besides the result of the malicious use of that infon\atipn devising direct negative impact on the 
individual. It remains the responsibility of the individuj^l* protect their personal information against 
unauthorized access and usage. It is often said that^aTgreatest weakness of any information security 
system is the people, because people can act in w^!s*hat render the information and related systems 
vulnerable should they bypass the system coRt^S^ ignore these controls, or simply act against the 
information security policy or privacy policy statements. After all the governing documents have been made 
available to the system users, it remains thMtsete' responsibility to align their actions with the policies in 
order to be transacting in a safe and /C\Ke manner. It appears that there is much emphasis on and 
investment in protecting company tffVualation, but less investment and efforts for the protection of 
personal information. This has led tff^Hsearcher to investigate the user information security practices with 
a bid to recommend the measu&atfor individuals to take in protecting their personal information, based on 
their online practices. /^V^ 

III. User Online Practices 

Oy 

[7] in their Amewca|r^tudy reported the user attitudes towards security to have been frustration, 
pragmatism, ao^Omty. These can appear to be negative attitudes towards security and indication that 
security is aWl^rewed as a barrier. According to the Voice of America's online newspaper in their article 
posted onfcaprember 20B, entitled "Despite Advances, S. Africa Still Lags in Internet Usage "stated that : 

Study by the South African Network Society survey - a research organization looking at the social 
inVacJof new telecommunications networks and technologies in Africa - found that only 34% of South 
African adults use the Internet. That is about V. million people. Three-quarters of the Internet users are 
urban dwellers. The majority of them use their cell phones for access, while the remainder relies on Internet 
cafes or educational or work facilities." [8]. 

The same article cited that most new Internet users (52%) first used the Internet on their phones, which 
raises the need for phone users to be aware of their online activities and the type of personal data that they 
share in their daily online activities. 
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As opposed to organizational users whose security measures are constantly monitored and updated, the 
home users or individual users are becoming more vulnerable to online security threats and all other types 
of information security attacks. According to [9], there is indeed an increased danger to home users as seen 
in the, "current climate of attacks"; This is a phenomenon where there is a rapid increase on the number of 
services and products offered online and the users start participating in these markets in a bid to stay 
current, but without the security knowledge of how to protect themselves and their information online. 




available only to 
providers for the 



In order to highlight the importance of information security in all interactions where valuable information 
is shared, used or stored; it is essential to introduce the properties of information that need to be pr^ota^d. 
These properties are the Confidentiality, Integrity, and Availability of information [D]. They arewl^eTy 
referred to as the CIA of information [U] and should be ensured for information in transmission $nd in 
storage. The users should ensure that their personal information is kept confidential aoy^' made 
available to authorized parties and those who require the information for authentic offi»a\^e [E]. The 
users should ensure the integrity of their personal information such that it is not accesfibleVa and modified 
by unauthorized parties [H] suggest that the users should make their personal infor 
authorized users whenever they need to access it, for example the banks, thei 
purpose of the service to be provided. 

IV. Method * 

This study is a quantitative one where a survey method wasi^^wi collecting the data, where a 
questionnaire was administered by 'The Internet Society", in theiOflE Global Internet User Survey. The 
author extracted data that relates to the South African user^raialyzed this data for the user online 
information security practices, to determine whether their^r^flces were secure in nature or not. The 
survey received responses from 502 respondents in Souti^Ntea. The respondents were asked about their 
general Internet usage, their attitudes towards the lnt«Aetcis well as online privacy and identity. Among 
their key themes was the Internet usage with some fdfcw^on the user attitudes towards privacy policies. The 
respondents were b of 18 up with to 65 plus, ther^wskould consent to the study. Conclusions were drawn 
on the necessary interventions necessary to er^urage secure online behaviour for the general user on their 
home machine or mobile device. These wer^fcsad on the user practices as observed in the survey results. 



A. Do the users understand 



actions or inactions o 






suits and Discussion 
and conditions? 



The data used in this st^dj^ks collected by 'The Internet Society", in their 20E Global Internet User 
Survey [B]. The user resfonreshigh light the user views about their interactions with the internet and the 



he survey results for the online privacy and identity were noted as below: 



How well do you understand most privacy terms 

-intl i ( » r i i I i 1 1 1 > r i ' 




Figure 1 Proportions of users that understand most privacy terms and conditions 
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The respondents were asked how well they understand most privacy terms and conditions, in order to 
establish how they relate to the privacy policies. In the responses, a large portion of the population, 42 % 
said they understand the terms and conditions most of the time, which implies that they still have instances 
when they do not understand these. 

A significant number of them, 28 % said sometimes; and only a small 9% of the respondents said they 
understand these privacy policy terms and conditions all the time. The respondents were further asked if 
they read these terms and conditions, because there is a possibility that they perhaps a large share of the 
population does not understand the policies all the time due to not reading them. 



When asked, "How often do you read the privacy policies of websites or services that you sh 
information with?" The user responses were recorded as noted in figure 2 



B. Do users read the privacy policy? 



■ low ui'lcn do 
wehsilrs fit" Ntf 



you reittl the priviicy policies oJ ^^3 
irvift'x thul vim Nhur«* n«* r*« » "Vd^^J 
i hi <n in 1 1 ii in with - ? %^S* 



)e/sonal 




While users know that they 
8% of the respondents said th 
time. W hereas a significant 
and a substantial B% 
whom they share thei 




Figure 2. Propor/tT5*iSof users that read the privacy policies 

haftriftheir personal information with a third party online, only a minor 
d the terms and conditions of use as stipulated by the third party all the 
d they read these most of the time; the majority at 44% said sometimes 
lation admitted that they never read the privacy policies of those with 



•a I information. 



From these figu^sfitjan be concluded that a the 29% who read them most of the time, and the 8% of the 
population wha^i»Jrtfie privacy times all the time, to reflect secure online practices. This adds up to a total 
of 37% of tha^%spndents with an indication of having security considerations when sharing their personal 
informati^JSfilme. For those who always read the privacy policies, they are more likely to be better 
inforn^Crorrwhy their data is being collected, how it will be used and for what. They are also more likely to 
l^5w>meiT rights and responsibilities regarding the collected data. For example, they would know what 
prVealesto follow in order to opt-out of the privacy agreement. 

On the other hand, those who do not read these policies are more likely to be unaware of what who will use 
for, their personal information and who else the information could be shared with. That leaves the B% who 
never read the terms and conditions, and the 44% who read them sometimes, at a major 63% exposed to 
exploitation of their personal information. Consequently, most of the online users in South Africa have 
lower levels of security practices based on the survey results where a majority of the population revealed 
that they did not read the privacy policies of those with whom they share their personal information with 
when using online platforms. 
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The respondents were also asked, "What are the main reasons you accept the terms and conditions as 
offered, without reading them?" And 16 % answered that they accept these terms and conditions without 
reading them and selected the option," I don't have a choice if I want to complete the activity that I need to 
complete". A further 16% of the respondents said," They are too long". This is an indication that a significant 
number of internet users do not read the terms and conditions of use, but just accept these as a matter of 
convenience. The actual results from [19] indicate the responses to this question: 




Figure 3. Reasons for accepting the terms and conditions withou 



itCeding them. 



VI. Conclusions 

Although users seem more than willing to share their personal ifi^jNffion online, however when it comes 
to online storage, they are more reluctant as reported by [B] in tp£flndings of their study of users' attitudes 
toward cloud storage in general. The phenomenon wherehOTlifie users share their personal information 
with others without reading the terms of use and privacytofc^cies can be attributed to the concept of online 
trust [14] and [15] discuss the Trust as acceptance of^&^xposure to vulnerability, and in their discussion 
they argue that online trust is the reason for peopj^^wtllingness to expose their personal details to their 
online transactional partners. 

[16] in [15] describe trust as," a wi 1 1 i ngness'^fTSedpl e to be vulnerable to the actions of others based on the 
expectation that the latter will perforrOjparticular action important to the former, irrespective of the 
ability to monitor and control the l&S^rowever, [15] and [14] have also pointed out that the level of trust 
by the online users is situationatend\at it is positively related to the perceived situational risk. It has been 
subsequently established that titfsNis essential for any transaction to occur and the levels of trust just differ. 
Notwithstanding that, the l^r"j!)rsecurity on the transaction hugely affects the willingness of the user to 
share their personal deta^u>rconsequently affects the level of online trust [17]. 

In order for the usac^^understand their level of online trust and the significance of protecting their 
information; Th^\n^dentiality, Integrity and Availability properties of information should be made clear 
to them [18][]91Wte initiatives aimed at raising user awareness should take this into account and not only 
provide metVSisures of protecting the information, but also the reasons based on the type of information 
that theySOTft. Hence, the user should be equiped with the knowledge of how to classify their information, 
in Q{rl<^^be well informed when making the decision to disclose or withold their information. Asa result, 
tireuslp^/ould be in a position to adequately protect their personal information [V], Online trust and the 
reaS^s for this trust when they share their person information without reading the terms and conditions 
that apply to the use of that data is recommended for further research. 
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